SSID PSK Change after 90 days

PJB
Here to help

SSID PSK Change after 90 days

Hi there,

 

I am looking for a solution to this issue; I have set up a Corporate SSID for new remote users. They gain access via a PSK only (No radius involved etc). However, how do I set up a prompt/alert that the password needs changing after 90 days. Even an email to send to the support desk so that they can inform the users of a new password.

 

All help much appreciated

4 Replies 4
alemabrahao
Kind of a big deal
Kind of a big deal

I have an script that I use for MX-w , I will share with you, maybe you can use it.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal

I know what you want is an alert to change your password every 90 days, but with PSK you won't be able to do that.
 
It would be much more viable to use 802.1x integrated with AD and in AD you define a password policy, but come on, I have this script that I currently use to change the password to a random password from an SSID and add it to Linux cron to run every 30 days.
 
Note that this is for an MX-w network so you have to adapt it to MR.
 
Here is the API that can be used instead.

https://developer.cisco.com/meraki/api/update-network-wireless-ssid/



import requests
import secrets
import string

# Replace 'your_api_key', 'your_network_id', and 'your_ssid_number' with the actual values
api_key = 'your_api_key'
network_id = 'your_network_id'
ssid_number = 'your_ssid_number'

# API URL
url = f'https://api.meraki.com/api/v1/networks/{network_id}/appliance/ssids/{ssid_number}'

# Generates a random password with at least 15 characters, including uppercase letters, lowercase letters, and special characters
def generate_password():
    characters = string.ascii_letters + string.digits + string.punctuation
    password = secrets.choice(string.ascii_uppercase) + secrets.choice(string.ascii_lowercase) + secrets.choice(string.digits) + secrets.choice(string.punctuation)
    password += secrets.token_urlsafe(12)
    return ''.join(secrets.choice(characters) for _ in range(15 - len(password))) + password

# Request header with the API key
headers = {
    'X-Cisco-Meraki-API-Key': api_key,
    'Content-Type': 'application/json',
}

# Generates a new password
new_password = generate_password()

# Data to be sent in the PUT request
data = {
    'name': 'SSID Name',  # Replace with the actual SSID name
    'enabled': True,
    'authMode': 'psk',
    'encryptionMode': 'wpa',
    'wpaEncryptionMode': 'WPA2 only',  # Replace with the desired encryption mode
    'psk': new_password,
}

# Makes the PUT request to change the SSID password
response = requests.put(url, headers=headers, json=data)

# Checks if the request was successful (status code 200)
if response.status_code == 200:
    print(f"Password changed successfully. New password: {new_password}")
else:
    # Displays an error message if the request failed
    print(f"Request failed. Status code: {response.status_code}")
    print(response.text)
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PJB
Here to help

Hi there,

 

Many thanks for that script. I am not familiar with implementing them at all and quite noobie regarding API configuration etc.

Is this the only other way this can be done? Can you walk me through it 

alemabrahao
Kind of a big deal
Kind of a big deal

Not natively, if you had a Cisco ISE you would have more possibilities.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels